From f4e2525c8646d166aa71263e89da511162d9803c Mon Sep 17 00:00:00 2001
From: "zhaozhao.zz" <276441700@qq.com>
Date: Fri, 24 Jul 2020 14:40:19 +0800
Subject: [PATCH] more strict check in rioConnRead (#7564)

---
 src/rio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rio.c b/src/rio.c
index 77ba69fdc..bbef81b68 100644
--- a/src/rio.c
+++ b/src/rio.c
@@ -201,7 +201,7 @@ static size_t rioConnRead(rio *r, void *buf, size_t len) {
             /* Make sure the caller didn't request to read past the limit.
              * If they didn't we'll buffer till the limit, if they did, we'll
              * return an error. */
-            if (r->io.conn.read_limit >= r->io.conn.read_so_far + needs)
+            if (r->io.conn.read_limit >= r->io.conn.read_so_far + len)
                 toread = r->io.conn.read_limit - r->io.conn.read_so_far - buffered;
             else {
                 errno = EOVERFLOW;